802.1x(ACS) with avaya phones

vijay kumar · ‎08-08-2014

Hi All ,

We are implementing wired dot1x for our wired users with EAP-TLS. When I am connecting laptop it is getting authenticated and it is working fine. For Voip(Avaya) we are using MAB .When we connect VOIP , after 30 seconds ACS is giving Access-accept(auth success) . But Voip is stuck up in Bad router state and VOIP is not working. If I connect the laptop behind the voip it is getting authenticated and it is working fine eventhough voip is stuck up.

Is there a way we can reduce 802.1x auth timings , so that VOIP can register succesfully?

The switch interface config is ,

authentication event fail action next-method
authentication host-mode multi-auth
authentication order dot1x mab
authetication priority dot1x mab
authentication port-control auto
mab
dot1x pae authenticator
dot1x timeout tx-period 10

Thanks,

Vijay

hdussa · ‎08-15-2014

Hi,

i am using AVAYA as well in production. They support 802.1X.

Configure Voice VLAN on each Port.

Let ACS send the radius attribute device-traffic-class=voice under

Policy Elements/Authorization and Permissions/Network Access/Authorization Profiles VOICE VLAN

and select Permission to join static.

A good guide: IP Telephony for 802.1X Design Guide

http://www.cisco.com/c/en/us/td/docs/solutions/Enterprise/Security/TrustSec_1-99/IP_Tele/IP_Telephony_DIG.html

Regards Horst

mohanak · ‎08-19-2014

Please check the attachment